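#!/bin/bash
# newsign: sign the rpm packages with the right key
#
# Usage: newsign [--oldkey|--newkey] [--release rel] pkg.rpm [pkg.rpm ...]
#
# Each package is assigned to a distribution release, taken from the dist tag
# in its file name (e.g. ".fc42." or ".el9.") or from --release, and every
# group is re-signed with rpmsign using the key recorded for that release.
#
# Environment:
#   RPM_GPG_PP_DIR  directory holding one passphrase file (*.pp) per key.
#                   These files are read by gpg via --passphrase-file, so they
#                   contain the key passphrases in clear text; keep the
#                   directory readable by the signing account only.
#
# Exit status: 0 when every group was signed; non-zero when option parsing
# fails, a package matches no supported release, or any rpmsign run fails.

usage () {
  echo "newsign: usage: newsign [--oldkey|--newkey] [--release rel] pkg.rpm [pkg.rpm ...]"
  echo "  --oldkey: use legacy signing key"
  # USE_LEGACY_KEY starts out false below, so per-release keys are the default.
  echo "  --newkey: use per-release signing keys (default)"
}

# Legacy key shared by the older releases (selected with --oldkey).
LEGACY_KEY_FPR=2F04DEAEA32C0963B6969A95E0BE69C9B56A8BAC
LEGACY_KEY_PP=CITY-FAN.ORG-GPG-KEY-legacy.pp

# Ordered release table: "<release> <per-release key fingerprint> <legacy ok?>".
# The order is significant: it is both the matching precedence used when
# classifying packages and the order in which groups are signed.
# Releases marked "no" have no legacy-key variant; --oldkey is ignored for them.
RELEASES=(
  "fc19 098417D1D1FB2A40FA53C8FE7DD7A5DDFA9B7D7F yes"
  "fc20 6EC59FE430BF819EEA3110A2D8F42F132ACBA38E yes"
  "fc21 5498CAEE5FF183A99C7A5495837FA5C828D67691 yes"
  "fc22 EBA87774A3C62B3EF87360A33717C59E699C70D9 yes"
  "fc23 A8C2499C4FE502ACEA2E60DA330A8D795AB5A1AB yes"
  "fc24 B5795ACA9D5FAFD1FB1CC9201093275D498A8866 yes"
  "fc25 F798B25A6504DFB20238A0872C14CC9521BDE279 yes"
  "fc26 602B438F46E889350ED947BB3C9FA460F742AEA0 yes"
  "fc27 997F965BAE11A6780437B06E9E1373D8CBA80CC8 yes"
  "fc28 42C6285584845A8B9E17FD770EE7050A286C895B yes"
  "fc29 1BC0F136C576AA191DE45DBB6AF1E1181473A257 yes"
  "fc30 05F373D1DDD7CC3733A39B9AA91EE8B2788B6068 yes"
  "fc31 11DB362E67D4358CB70EEAD2A9ADB68A26630EE0 yes"
  "fc32 9606AF45589C9B724A616A9A33C75FA83310F196 yes"
  "fc33 4BC9304AAE7E346FA58A49C8DE01F509B95A47FD yes"
  "fc34 3DE6DBF6BD5FED7BA3FFAA61F0BE0AE99A18DA65 yes"
  "fc35 810350FCADF1C913D16A73F4E2D1103B8C15861F yes"
  "fc36 D009F8D2C5A184E97AD8C8C42AD580FB490D8FF0 yes"
  "fc37 E82978B335029473598E5D2231F4F55AB13A75C6 yes"
  "fc38 0C90853101AD15523B5C119ED5D46D1CD5B12DA2 no"
  "fc39 A5C99CDD90CF7D3CA933434313C4E73285F99FC9 no"
  "fc40 91DE841EA59A8B6BF759AF428F3868E8106D7182 no"
  "fc41 A3D5FC204109B337E7262C89696531A26AAB2DC4 no"
  "fc42 98094AC8D6D722F626AAF0B8A377F57E999583AF no"
  "fc43 0227ECF23549B5DE1B87BFFFE740D940B801D661 no"
  # Need to generate some new keys and record them here
  "rhel7 BBE75C4FA3C38EE4AECCE8151055B86498661EB8 yes"
  "rhel8 E8BAA2AEA0FD72B16A69663D3CF893C4B3F2ABE2 yes"
  "rhel9 829410B4D90E8672CE5C1627A3F8B586BE1D8C17 yes"
  "rhel10 6FD4ED77FF2EEE6B5D5762100EA7DE51036A2A22 no"
)

# Packages tagged ".devel." are signed with this release's key; keep it
# pointing at the newest Fedora entry in RELEASES.
DEVEL_RELEASE=fc43

#######################################
# Print the release a package belongs to.
# Globals:   RELEASES, DEVEL_RELEASE, FORCE_RELEASE (all read)
# Arguments: $1 - package file name
# Outputs:   release id (e.g. fc42, rhel9) on stdout
# Returns:   0 when a release was found, 1 otherwise
#
# The release is decided from the file name alone; the package header is not
# inspected. The patterns are unanchored, as in the original if/elif chain.
# NOTE(review): --release only wins over file-name tags of releases listed
# after it in RELEASES; a tag of an earlier release still takes precedence.
# This mirrors the original chain - confirm it is the intended behaviour.
#######################################
classify_pkg () {
  local pkg=$1
  local entry rel _ re
  for entry in "${RELEASES[@]}"; do
    read -r rel _ <<< "$entry"
    case "$rel" in
      fc*)   re="[.]${rel}[.][^.]*[.]rpm" ;;
      rhel*) re="[.](rh)?el${rel#rhel}[.][^.]*[.]rpm" ;;
    esac
    if [[ "$pkg" =~ $re ]] || [ "$FORCE_RELEASE" = "$rel" ]; then
      printf '%s\n' "$rel"
      return 0
    fi
    if [ "$rel" = "$DEVEL_RELEASE" ] && [[ "$pkg" =~ [.]devel[.][^.]*[.]rpm ]]; then
      printf '%s\n' "$rel"
      return 0
    fi
  done
  return 1
}

# Parse options
if ! OPTS=$(getopt --options '' --longoptions oldkey,newkey,release: --name "newsign" -- "$@"); then
  usage 1>&2
  exit 1
fi
# getopt emits a shell-quoted argument list, which is what makes eval safe here.
eval set -- "$OPTS"

USE_LEGACY_KEY=false
FORCE_RELEASE=no
while :
do
  case "$1" in
    --newkey)
      USE_LEGACY_KEY=false
      shift
      ;;
    --oldkey)
      USE_LEGACY_KEY=true
      shift
      ;;
    --release)
      FORCE_RELEASE="$2"
      case "$FORCE_RELEASE" in
        fc[1-9][0-9])
          ;;
        rhel[7-9]|rhel1[0-9])
          ;;
        *)
          echo "newsign: --release option not recognized: $FORCE_RELEASE" 1>&2
          exit 1
          ;;
      esac
      shift 2
      ;;
    --)
      shift
      break
      ;;
    *)
      echo 'Internal error!' 1>&2
      exit 1
      ;;
  esac
done

# Should be specifying at least one package to sign
if [ $# -eq 0 ]; then
  usage 1>&2
  exit 1
fi

# Passphrase directory must be specified via environment
# NOTE(review): the value is interpolated into an rpm macro below, so a path
# containing whitespace would presumably be split into several gpg arguments.
if [ -z "$RPM_GPG_PP_DIR" ]; then
  echo "newsign: RPM_GPG_PP_DIR variable not set in environment" 1>&2
  exit 1
fi

# Determine distribution release for each package. Every package is classified
# before anything is signed, so an unsupported one aborts the whole run.
pkgs=("$@")
pkg_rels=()
for pkg in "${pkgs[@]}"
do
  if ! rel=$(classify_pkg "$pkg"); then
    echo "newsign: did not match a supported release: $pkg" 1>&2
    exit 1
  fi
  pkg_rels+=("$rel")
done

# Sign each non-empty group with the key for its release
status=0
for entry in "${RELEASES[@]}"
do
  read -r rel new_fpr legacy_ok <<< "$entry"

  group=()
  for i in "${!pkgs[@]}"
  do
    if [ "${pkg_rels[$i]}" = "$rel" ]; then
      group+=("${pkgs[$i]}")
    fi
  done
  if [ ${#group[@]} -eq 0 ]; then
    continue
  fi

  case "$rel" in
    fc*)
      label="Fedora ${rel#fc}"
      new_pp="RPM-GPG-KEY-city-fan.org-fedora-${rel#fc}.pp"
      ;;
    rhel*)
      label="EL-${rel#rhel}"
      new_pp="RPM-GPG-KEY-city-fan.org-rhel-${rel#rhel}.pp"
      ;;
  esac

  if [ "$USE_LEGACY_KEY" = "true" ] && [ "$legacy_ok" = "yes" ]; then
    key_fpr=$LEGACY_KEY_FPR
    pp_file=$LEGACY_KEY_PP
  else
    key_fpr=$new_fpr
    pp_file=$new_pp
  fi

  echo "Signing packages for $label"
  # The package list is quoted so file names with spaces or glob characters
  # reach rpmsign intact. A failed run is remembered rather than dropped, so
  # the caller can tell that some packages were left without the new signature.
  rpmsign --define "_signature gpg" \
    --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase-file $RPM_GPG_PP_DIR/$pp_file" \
    --define "_gpg_name $key_fpr" \
    --resign "${group[@]}" || status=$?
done

exit "$status"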